cc-reviewer 1.1.2 → 1.1.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cc-reviewer",
-  "version": "1.1.2",
+  "version": "1.1.4",
   "description": "MCP server for Claude Code - Get second-opinion feedback from Codex/Gemini CLIs",
   "type": "module",
   "main": "dist/index.js",

package/README.md

@@ -1,131 +0,0 @@
-# CC Reviewer - AI Code Review for Claude Code
-
-Get second-opinion feedback from OpenAI Codex and Google Gemini CLIs on Claude Code's work, then synthesize and incorporate.
-
-## Quick Install
-
-```bash
-claude mcp add -s user cc-reviewer -- npx -y cc-reviewer
-```
-
-That's it! Restart Claude Code and the tools are available.
-
-Verify with:
-```bash
-claude mcp list
-# cc-reviewer: npx -y cc-reviewer - ✓ Connected
-```
-
-### Alternative: Manual Install
-
-```bash
-git clone https://github.com/SimonRen/cc-reviewer.git
-cd cc-reviewer/mcp-server
-npm install && npm run build
-claude mcp add -s user cc-reviewer -- node /path/to/cc-reviewer/mcp-server/dist/index.js
-```
-
-## Prerequisites
-
-Install at least one AI CLI:
-
-```bash
-# OpenAI Codex CLI
-npm install -g @openai/codex-cli
-codex login
-
-# Google Gemini CLI
-npm install -g @google/gemini-cli
-gemini  # follow auth prompts
-```
-
-## Slash Commands (Optional)
-
-Copy the slash commands to your global commands folder:
-
-```bash
-# Clone repo (if not already)
-git clone https://github.com/SimonRen/cc-reviewer.git
-
-# Copy commands
-cp cc-reviewer/commands/*.md ~/.claude/commands/
-```
-
-Then use:
-
-```bash
-/codex-review                    # Review with Codex
-/codex-review security           # Focus on security
-
-/gemini-review                   # Review with Gemini
-/gemini-review architecture      # Focus on architecture
-
-/multi-review                    # Both models in parallel
-```
-
-## How It Works
-
-```
-CC does work → User: /codex-review → External CLI reviews → CC synthesizes → Updated output
-```
-
-**Key Principles:**
-- **CC is primary**: Claude Code does all the work; external models only review
-- **Working directory strategy**: Pass `cwd` + small CC output; external CLIs read files directly
-- **Synthesis, not passthrough**: CC always judges external feedback before incorporating
-
-## Focus Areas
-
-| Area | Description |
-|------|-------------|
-| `security` | Vulnerabilities, auth, input validation |
-| `performance` | Speed, memory, efficiency |
-| `architecture` | Design patterns, structure, coupling |
-| `correctness` | Logic errors, edge cases, bugs |
-| `maintainability` | Code clarity, documentation, complexity |
-| `scalability` | Load handling, bottlenecks |
-| `testing` | Test coverage, test quality |
-| `documentation` | Comments, docs, API docs |
-
-## MCP Tools
-
-The plugin exposes four MCP tools:
-
-| Tool | Description |
-|------|-------------|
-| `codex_feedback` | Get Codex review (correctness, edge cases, performance) |
-| `gemini_feedback` | Get Gemini review (design patterns, scalability, tech debt) |
-| `multi_feedback` | Parallel review from both models |
-| `council_feedback` | Multi-model consensus with verification pipeline |
-
-## Output Format
-
-External CLIs return structured JSON feedback with:
-- **Findings**: Issues with severity, confidence, location, and suggestions
-- **Agreements**: Validations of CC's correct assessments
-- **Disagreements**: Challenges to CC's claims with corrections
-- **Alternatives**: Different approaches with tradeoffs
-- **Risk Assessment**: Overall risk level with top concerns
-
-## Development
-
-```bash
-cd mcp-server
-npm install
-npm run build       # Build once
-npm run dev         # Watch mode
-npm test            # Run tests
-npm run test:watch  # Watch mode tests
-npm start           # Run server
-```
-
-## Publishing
-
-Uses npm Trusted Publishing (OIDC, no tokens):
-```bash
-gh workflow run publish.yml -f version=patch  # or minor/major
-```
-
-## License
-
-MIT

package/dist/__tests__/pipeline.test.d.ts

@@ -1,4 +0,0 @@
-/**
- * Tests for pipeline.ts - verification and security features
- */
-export {};

package/dist/__tests__/pipeline.test.js

@@ -1,219 +0,0 @@
-/**
- * Tests for pipeline.ts - verification and security features
- */
-import { describe, it, expect, beforeEach, afterEach } from 'vitest';
-import { mkdirSync, writeFileSync, rmSync, existsSync } from 'fs';
-import { join } from 'path';
-import { tmpdir } from 'os';
-import { FileCache, verifyFinding } from '../pipeline.js';
-// =============================================================================
-// TEST SETUP
-// =============================================================================
-const TEST_DIR = join(tmpdir(), 'pipeline-test-' + Date.now());
-function createTestFile(relativePath, content) {
-    const fullPath = join(TEST_DIR, relativePath);
-    const dir = fullPath.substring(0, fullPath.lastIndexOf('/'));
-    if (dir && !existsSync(dir)) {
-        mkdirSync(dir, { recursive: true });
-    }
-    writeFileSync(fullPath, content);
-}
-function createTestFinding(overrides = {}) {
-    return {
-        id: 'test-1',
-        category: 'correctness',
-        severity: 'medium',
-        confidence: 0.8,
-        title: 'Test finding',
-        description: 'Test description',
-        ...overrides,
-    };
-}
-// =============================================================================
-// FILE CACHE TESTS
-// =============================================================================
-describe('FileCache', () => {
-    beforeEach(() => {
-        mkdirSync(TEST_DIR, { recursive: true });
-        createTestFile('existing.ts', 'line 1\nline 2\nline 3\n');
-        createTestFile('subdir/nested.ts', 'nested content');
-    });
-    afterEach(() => {
-        rmSync(TEST_DIR, { recursive: true, force: true });
-    });
-    it('should return true for existing files', () => {
-        const cache = new FileCache(TEST_DIR);
-        expect(cache.exists('existing.ts')).toBe(true);
-    });
-    it('should return false for non-existing files', () => {
-        const cache = new FileCache(TEST_DIR);
-        expect(cache.exists('nonexistent.ts')).toBe(false);
-    });
-    it('should cache file existence checks', () => {
-        const cache = new FileCache(TEST_DIR);
-        // First call
-        cache.exists('existing.ts');
-        cache.exists('nonexistent.ts');
-        // Stats should show 1 file checked (non-existent cached as null)
-        const stats = cache.getStats();
-        expect(stats.filesChecked).toBe(1); // Only non-existent is cached on exists()
-    });
-    it('should return file content', () => {
-        const cache = new FileCache(TEST_DIR);
-        const content = cache.getContent('existing.ts');
-        expect(content).toBe('line 1\nline 2\nline 3\n');
-    });
-    it('should return null for non-existing file content', () => {
-        const cache = new FileCache(TEST_DIR);
-        const content = cache.getContent('nonexistent.ts');
-        expect(content).toBeNull();
-    });
-    it('should cache file content', () => {
-        const cache = new FileCache(TEST_DIR);
-        // Read twice
-        cache.getContent('existing.ts');
-        cache.getContent('existing.ts');
-        const stats = cache.getStats();
-        expect(stats.filesLoaded).toBe(1);
-    });
-    it('should return lines array', () => {
-        const cache = new FileCache(TEST_DIR);
-        const lines = cache.getLines('existing.ts');
-        expect(lines).toEqual(['line 1', 'line 2', 'line 3', '']);
-    });
-    it('should return correct line count', () => {
-        const cache = new FileCache(TEST_DIR);
-        const count = cache.getLineCount('existing.ts');
-        expect(count).toBe(4); // 3 lines + empty line from trailing newline
-    });
-    it('should handle nested paths', () => {
-        const cache = new FileCache(TEST_DIR);
-        expect(cache.exists('subdir/nested.ts')).toBe(true);
-        expect(cache.getContent('subdir/nested.ts')).toBe('nested content');
-    });
-});
-// =============================================================================
-// PATH TRAVERSAL TESTS
-// =============================================================================
-describe('Path Traversal Protection', () => {
-    beforeEach(() => {
-        mkdirSync(TEST_DIR, { recursive: true });
-        createTestFile('safe.ts', 'safe content\nline 2\nline 3');
-    });
-    afterEach(() => {
-        rmSync(TEST_DIR, { recursive: true, force: true });
-    });
-    it('should block ../../../etc/passwd traversal', async () => {
-        const finding = createTestFinding({
-            location: { file: '../../../etc/passwd', line_start: 1 },
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(false);
-        expect(result.verification.verificationNotes).toContain('Path traversal blocked');
-        expect(result.adjustedConfidence).toBeLessThan(0.1);
-    });
-    it('should block absolute path /etc/passwd', async () => {
-        const finding = createTestFinding({
-            location: { file: '/etc/passwd', line_start: 1 },
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(false);
-        expect(result.verification.verificationNotes).toContain('Path traversal blocked');
-    });
-    it('should block ../ at start of path', async () => {
-        const finding = createTestFinding({
-            location: { file: '../sibling/file.ts', line_start: 1 },
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(false);
-        expect(result.verification.verificationNotes).toContain('Path traversal blocked');
-    });
-    it('should allow valid relative paths', async () => {
-        const finding = createTestFinding({
-            location: { file: 'safe.ts', line_start: 1 },
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(true);
-        expect(result.verification.lineValid).toBe(true);
-    });
-    it('should allow paths with ./ prefix', async () => {
-        const finding = createTestFinding({
-            location: { file: './safe.ts', line_start: 1 },
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(true);
-    });
-});
-// =============================================================================
-// VERIFY FINDING TESTS
-// =============================================================================
-describe('verifyFinding', () => {
-    beforeEach(() => {
-        mkdirSync(TEST_DIR, { recursive: true });
-        createTestFile('test.ts', 'const x = 1;\nconst y = 2;\nconst z = 3;');
-    });
-    afterEach(() => {
-        rmSync(TEST_DIR, { recursive: true, force: true });
-    });
-    it('should verify existing file without location', async () => {
-        const finding = createTestFinding(); // No location
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(true);
-        expect(result.verification.lineValid).toBe(true);
-    });
-    it('should verify existing file with valid line', async () => {
-        const finding = createTestFinding({
-            location: { file: 'test.ts', line_start: 2 },
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(true);
-        expect(result.verification.lineValid).toBe(true);
-    });
-    it('should detect non-existing file', async () => {
-        const finding = createTestFinding({
-            location: { file: 'nonexistent.ts', line_start: 1 },
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(false);
-        expect(result.adjustedConfidence).toBeLessThan(finding.confidence);
-    });
-    it('should detect invalid line number', async () => {
-        const finding = createTestFinding({
-            location: { file: 'test.ts', line_start: 999 },
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.fileExists).toBe(true);
-        expect(result.verification.lineValid).toBe(false);
-        expect(result.verification.verificationNotes).toContain('exceeds file length');
-    });
-    it('should verify matching evidence', async () => {
-        const finding = createTestFinding({
-            location: { file: 'test.ts', line_start: 2 },
-            evidence: 'const y = 2',
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.codeSnippetMatches).toBe(true);
-        expect(result.adjustedConfidence).toBeGreaterThanOrEqual(finding.confidence);
-    });
-    it('should detect non-matching evidence', async () => {
-        const finding = createTestFinding({
-            location: { file: 'test.ts', line_start: 2 },
-            evidence: 'completely different code',
-        });
-        const result = await verifyFinding(finding, TEST_DIR);
-        expect(result.verification.codeSnippetMatches).toBe(false);
-        expect(result.adjustedConfidence).toBeLessThan(finding.confidence);
-    });
-    it('should use cache when provided', async () => {
-        const cache = new FileCache(TEST_DIR);
-        const finding = createTestFinding({
-            location: { file: 'test.ts', line_start: 1 },
-        });
-        // Verify multiple times with same cache
-        await verifyFinding(finding, TEST_DIR, cache);
-        await verifyFinding(finding, TEST_DIR, cache);
-        await verifyFinding(finding, TEST_DIR, cache);
-        const stats = cache.getStats();
-        expect(stats.filesLoaded).toBe(1);
-    });
-});

package/dist/__tests__/schema.test.d.ts

@@ -1,4 +0,0 @@
-/**
- * Tests for schema.ts - JSON Schema and Zod validation consistency
- */
-export {};

package/dist/__tests__/schema.test.js

@@ -1,165 +0,0 @@
-/**
- * Tests for schema.ts - JSON Schema and Zod validation consistency
- */
-import { describe, it, expect } from 'vitest';
-import { ReviewFinding, CodeLocation, getReviewOutputJsonSchema, parseReviewOutput, } from '../schema.js';
-// =============================================================================
-// ZOD SCHEMA TESTS
-// =============================================================================
-describe('CodeLocation Schema', () => {
-    it('should require file field', () => {
-        const result = CodeLocation.safeParse({});
-        expect(result.success).toBe(false);
-    });
-    it('should accept file-only location', () => {
-        const result = CodeLocation.safeParse({ file: 'test.ts' });
-        expect(result.success).toBe(true);
-    });
-    it('should accept full location', () => {
-        const result = CodeLocation.safeParse({
-            file: 'test.ts',
-            line_start: 10,
-            line_end: 20,
-            column_start: 0,
-            column_end: 50,
-        });
-        expect(result.success).toBe(true);
-    });
-    it('should reject negative line numbers', () => {
-        const result = CodeLocation.safeParse({
-            file: 'test.ts',
-            line_start: -1,
-        });
-        expect(result.success).toBe(false);
-    });
-});
-describe('ReviewFinding Schema', () => {
-    const validFinding = {
-        id: 'find-1',
-        category: 'security',
-        severity: 'high',
-        confidence: 0.9,
-        title: 'SQL Injection',
-        description: 'User input is not sanitized',
-    };
-    it('should accept valid finding', () => {
-        const result = ReviewFinding.safeParse(validFinding);
-        expect(result.success).toBe(true);
-    });
-    it('should accept finding with location', () => {
-        const result = ReviewFinding.safeParse({
-            ...validFinding,
-            location: { file: 'db.ts', line_start: 42 },
-        });
-        expect(result.success).toBe(true);
-    });
-    it('should reject invalid severity', () => {
-        const result = ReviewFinding.safeParse({
-            ...validFinding,
-            severity: 'extreme', // invalid
-        });
-        expect(result.success).toBe(false);
-    });
-    it('should reject confidence > 1', () => {
-        const result = ReviewFinding.safeParse({
-            ...validFinding,
-            confidence: 1.5,
-        });
-        expect(result.success).toBe(false);
-    });
-    it('should reject confidence < 0', () => {
-        const result = ReviewFinding.safeParse({
-            ...validFinding,
-            confidence: -0.1,
-        });
-        expect(result.success).toBe(false);
-    });
-    it('should validate CWE ID format', () => {
-        const validCwe = ReviewFinding.safeParse({
-            ...validFinding,
-            cwe_id: 'CWE-89',
-        });
-        expect(validCwe.success).toBe(true);
-        const invalidCwe = ReviewFinding.safeParse({
-            ...validFinding,
-            cwe_id: 'CWE89', // missing dash
-        });
-        expect(invalidCwe.success).toBe(false);
-    });
-});
-// =============================================================================
-// JSON SCHEMA CONSISTENCY TESTS
-// =============================================================================
-describe('JSON Schema Consistency', () => {
-    it('should have file as required in location', () => {
-        const schema = getReviewOutputJsonSchema();
-        const findingSchema = schema.properties.findings.items;
-        const locationSchema = findingSchema.properties.location;
-        expect(locationSchema.required).toContain('file');
-    });
-    it('should include column fields in location', () => {
-        const schema = getReviewOutputJsonSchema();
-        const findingSchema = schema.properties.findings.items;
-        const locationSchema = findingSchema.properties.location;
-        expect(locationSchema.properties).toHaveProperty('column_start');
-        expect(locationSchema.properties).toHaveProperty('column_end');
-    });
-    it('should have all severity levels', () => {
-        const schema = getReviewOutputJsonSchema();
-        const severityEnum = schema.properties.findings.items.properties.severity.enum;
-        expect(severityEnum).toContain('critical');
-        expect(severityEnum).toContain('high');
-        expect(severityEnum).toContain('medium');
-        expect(severityEnum).toContain('low');
-        expect(severityEnum).toContain('info');
-    });
-    it('should have confidence constraints', () => {
-        const schema = getReviewOutputJsonSchema();
-        const confidenceSchema = schema.properties.findings.items.properties.confidence;
-        expect(confidenceSchema.minimum).toBe(0);
-        expect(confidenceSchema.maximum).toBe(1);
-    });
-});
-// =============================================================================
-// PARSE OUTPUT TESTS
-// =============================================================================
-describe('parseReviewOutput', () => {
-    const validOutput = {
-        reviewer: 'test',
-        findings: [],
-        agreements: [],
-        disagreements: [],
-        alternatives: [],
-        risk_assessment: {
-            overall_level: 'low',
-            score: 20,
-            summary: 'Low risk',
-            top_concerns: [],
-        },
-    };
-    it('should parse valid JSON string', () => {
-        const result = parseReviewOutput(JSON.stringify(validOutput));
-        expect(result).not.toBeNull();
-        expect(result?.reviewer).toBe('test');
-    });
-    it('should extract JSON from markdown code blocks', () => {
-        const markdown = `Here is the review:
-
-\`\`\`json
-${JSON.stringify(validOutput)}
-\`\`\`
-
-That's all.`;
-        const result = parseReviewOutput(markdown);
-        expect(result).not.toBeNull();
-    });
-    it('should return null for invalid JSON', () => {
-        const result = parseReviewOutput('not valid json');
-        expect(result).toBeNull();
-    });
-    it('should return null for incomplete output', () => {
-        const incomplete = { reviewer: 'test' }; // missing required fields
-        const result = parseReviewOutput(JSON.stringify(incomplete));
-        expect(result).toBeNull();
-    });
-});